{
  lib,
  stdenv,
  fetchgit,
  autoreconfHook,
  pkg-config,
  gettext,
  python3,
  ncurses,
  swig,
  glib,
  util-linux,
  cryptsetup,
  nss,
  gpgme,
  buildPackages,
}:

stdenv.mkDerivation rec {
  pname = "volume_key";
  version = "0.3.11";

  src = fetchgit {
    url = "https://pagure.io/volume_key.git";
    rev = "volume_key-${version}";
    sha256 = "1sqdbcih1c39bjiv4mm1m7acc3lfh2i2hf2r9i7rk8adfzq8awma";
  };

  outputs = [
    "out"
    "man"
    "dev"
    "py"
  ];

  strictDeps = true;

  nativeBuildInputs = [
    autoreconfHook
    gettext
    gpgme
    pkg-config
    swig
  ];

  buildInputs = [
    glib
    cryptsetup
    nss
    util-linux
    ncurses
  ];

  configureFlags = [
    "--with-gpgme-prefix=${gpgme.dev}"
  ];

  preConfigure = ''
    export PYTHON="${buildPackages.python3}/bin/python"
    export PYTHON3_CONFIG="${python3}/bin/python3-config"
  '';

  makeFlags = [
    "pyexecdir=$(py)/${python3.sitePackages}"
    "pythondir=$(py)/${python3.sitePackages}"
  ];

  env = lib.optionalAttrs stdenv.cc.isGNU {
    NIX_CFLAGS_COMPILE = toString [
      "-Wno-error=implicit-function-declaration"
      "-Wno-error=int-conversion"
    ];
  };

  doCheck = false; # fails 1 out of 1 tests, needs `certutil`

  meta = with lib; {
    description = "Library for manipulating storage volume encryption keys and storing them separately from volumes to handle forgotten passphrases, and the associated command-line tool";
    mainProgram = "volume_key";
    homepage = "https://pagure.io/volume_key/";
    license = licenses.gpl2;
    maintainers = [ ];
    platforms = platforms.linux;
  };
}
